A system, method and computer program product are provided for policy-based billing for a network session. Initially, a plurality of packets is received by a plurality of analyzers. Thereafter, the packets are aggregated. Next, the plurality of packets is analyzed to identify a plurality of flows and an session associated with the flows. At least one application associated with the session is also identified. The session is then reconstructed utilizing the identified application. A user associated with the session is then identified along with a policy. The user is then billed for the session in accordance with the policy.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for policy-based billing for a distributed network session, comprising: (a) receiving a plurality of packets at a plurality analyzers; (b) aggregating the plurality of packets; (c) analyzing the plurality of packets to identify a plurality of flows; (d) identifying a session associated with the flows; (e) identifying at least one application associated with the session; (f) reconstructing the session utilizing the identified application, the session reconstruction being carried out at a plurality of collaborating nodes; (g) identifying a user associated with the session; (h) determining a policy; and (i) billing the user the session in accordance with the policy; wherein the session reconstruction is performed at a first analyzer, and upon a successful session reconstruction on the first analyzer, a first message is sent to at least one second analyzer separate from the first analyzer, the first message corresponding to session data, and upon an unsuccessful session reconstruction on the first analyzer, one or more messages is sent to the second analyzer, the one or more messages including unrecognized data.
2. The method as recited in claim 1 , and further comprising filtering the packets for removing packets unrelated to the session.
3. The method as recited in claim 1 , and further comprising identifying application events associated with the session based on the policy.
4. The method as recited in claim 3 , and further comprising assigning a significance to the application events based on the policy.
5. The method as recited in claim 3 , wherein the user is billed for the session utilizing the application events in accordance with the policy.
6. The method as recited in claim 3 , and further comprising determining billing information for the session using the application events in accordance with the policy.
7. The method as recited in claim 6 , and further comprising outputting a report including the billing information in accordance with the policy.
8. The method as recited in claim 1 , and further comprising restricting tasks of the user in accordance with the policy.
9. The method as recited in claim 8 , wherein an amount of bandwidth is restricted in accordance with the policy.
10. The method as recited in claim 1 , wherein the policy includes a series of packet capture language expressions and output selectors.
11. The method as recited in claim 1 , wherein a first flow associated with a first application flows through a first one of the nodes.
12. The method as recited in claim 11 , wherein a second flow associated with the first application flows through a second one of the nodes.
13. The method as recited in claim 1 , wherein each of the collaborating nodes includes a packet source and a first hierarchical network analyzer.
14. The method as recited in claim 13 , wherein each of the collaborating nodes further includes a filter coupled between the packet source and the first hierarchical network analyzer.
15. The method as recited in claim 13 , wherein the first hierarchical network analyzers of each of the nodes feed information to a second hierarchical network analyzer.
16. The method as recited in claim 15 , wherein the information is used by the second hierarchical network analyzer to reconstruct the session utilizing the identified application.
17. The method as recited in claim 15 , wherein the information involves packet forwarding.
18. The method as recited in claim 15 , wherein the information involves hints and packet forwarding, the hints being generated by a lower level session analyzer and provided to the higher level analyzer to facilitate the reconstruction of the session.
19. The method as recited in claim 15 , wherein the information involves hints and a summary of packets, the hints being generated by a lower level session analyzer and provided to a higher level analyzer to facilitate the reconstruction of the session.
20. The method as recited in claim 1 , wherein the nodes each include a router.
21. A computer program product embodied on a computer readable medium, which when executed by a computer causes the computer to perform a method for policy-based billing for a distributed network session, comprising: (a) computer code for receiving a plurality of packets at a plurality of analyzers; (b) computer code for aggregating the plurality of packets; (c) computer code for analyzing the plurality of packets to identify a plurality of flows; (d) computer code for identifying a session associated with the flows; (e) computer code for identifying at least one application associated with the session; (f) computer code for reconstructing the session utilizing the identified application, the session reconstruction being carried out at a plurality of collaborating nodes; (g) computer code for identifying a user associated with the session; (h) computer code for determining a policy; and (i) computer code for billing the user for the session in accordance with the policy; wherein the session reconstruction is performed at a first analyzer, and upon a successful session reconstruction on the first analyzer, a first message is sent to at least one second analyzer separate from the first analyzer, the first message corresponding to session data, and upon an unsuccessful session reconstruction on the first analyzer, one or more messages is sent to the second analyzer, the one or more messages including unrecognized data.
22. The computer program product as recited in claim 21 , and further comprising computer code for filtering the packets for removing packets unrelated to the session.
23. The computer program product as recited in claim 21 , and further comprising computer code for identifying application events associated with the session based on the policy.
24. The computer program product as recited in claim 23 , and further comprising computer code for assigning a significance to the application events based on the policy.
25. The computer program product as recited in claim 23 , wherein the user is billed for the session utilizing the application events in accordance with the policy.
26. The computer program product as recited in claim 23 , and further comprising computer code for determining billing information for the session using the application events in accordance with the policy.
27. The computer program product as recited in claim 26 , and further comprising computer code for outputting a report including the billing information in accordance with the policy.
28. The computer program product as recited in claim 21 , and further comprising computer code for restricting tasks of the user in accordance with the policy.
29. The computer program product as recited in claim 28 , wherein an amount of bandwidth is restricted in accordance with the policy.
30. The computer program product as recited in claim 21 , wherein the policy includes a series of packet capture language expressions and output selectors.
31. A method for policy-based billing for a distributed network session, comprising: (a) receiving a plurality of packets at a plurality of analyzers; (b) aggregating the plurality of packets; (c) analyzing the plurality of packets to identify at least a first flow; (d) identifying a session associated with the first flow; (e) identifying additional flows in the plurality of packets associated with the session; (f) filtering the packets for removing packets unrelated to the session; (g) identifying at least one application associated with the session; (h) reconstructing the session utilizing the identified application, the session reconstruction being carried out as a plurality of collaborating nodes; (i) identifying a user associated with the session; (j) identifying a policy; (k) gathering application events associated with the session based on the policy; (l) assigning a significance to the application events based on the policy; (m) determining billing information for the session using the application events in accordance with the policy; (n) outputting a report including the billing information in accordance with the policy; (o) restricting tasks of the user in accordance with the policy; and (p) executing actions in response to the application events in accordance with the policy; wherein the session reconstruction is performed at a first analyzer, and upon a successful session reconstruction on the first analyzer, a first message is sent to at least one second analyzer separate from the first analyzer, the first message corresponding to session data, and upon an unsuccessful session reconstruction on the first analyzer, one or more messages is sent to the second analyzer, the one or more messages including unrecognized data.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
August 21, 2001
June 20, 2006
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.